Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,045 advisories

TYPO3 Arbitrary Code Execution via File List Module High
GHSA-8h4m-r4wm-xj7r was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Denial of Service in Frontend Record Registration High
GHSA-g585-crjf-vhwq was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Security Misconfiguration for Backend User Accounts High
GHSA-c5mj-39cf-3pp5 was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 CMS Possible Insecure Deserialization in Extbase Request Handling High
GHSA-hh95-5xm5-v8v7 was published for typo3/cms (Composer) Jun 7, 2024
typo3 Security fix for Flow Swift Mailer package High
GHSA-xjw3-5r5c-m5ph was published for typo3/swiftmailer (Composer) Jun 5, 2024
typo3 Information Disclosure Security Note High
GHSA-g4xv-r3qw-v3q2 was published for typo3/neos (Composer) Jun 5, 2024
Flow Bugfix Releases for Entity Security High
GHSA-vh6j-wv25-8qxr was published for typo3/flow (Composer) Jun 5, 2024
Cross-Site Scripting (XSS) vulnerabilities in Neos High
GHSA-4542-p56h-8xww was published for typo3/neos (Composer) Jun 5, 2024
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS High
GHSA-ppgf-8745-8pgx was published for typo3/cms (Composer) Jun 5, 2024
Privilege Escalation & SQL Injection in TYPO3 CMS High
GHSA-7qwg-fcpw-xg5g was published for typo3/cms (Composer) Jun 5, 2024
TYPO3 Remote Code Execution in third party library swiftmailer High
GHSA-g4pf-3jvq-2gcw was published for typo3/cms (Composer) Jun 5, 2024
Insecure Deserialization in TYPO3 CMS High
GHSA-8h28-f46f-m87h was published for typo3/cms (Composer) Jun 5, 2024
Remote code execution in web server context High
CVE-2024-37295 was published for aimeos/aimeos-core (Composer) Jun 5, 2024
ssshah2131
Flooding Server with Thumbnail files High
CVE-2024-32871 was published for pimcore/pimcore (Composer) Jun 4, 2024
jheimbach dandanx
XML External Entity (XXE) Processing in TYPO3 Core High
GHSA-qffc-gwpp-m2xr was published for typo3/cms (Composer) Jun 4, 2024
TYPO3 SQL Injection in dbal High
GHSA-9895-53fc-98v2 was published for typo3/cms (Composer) Jun 3, 2024
Unsafe Reflection in base Component class in yiisoft/yii2 High
CVE-2024-4990 was published for yiisoft/yii2 (Composer) Jun 2, 2024
zonia3000 mtangoo
iBotPeaches
Moodle Improper Input Validation High
CVE-2024-33999 was published for moodle/moodle (Composer) May 31, 2024
TYPO3 frontend login vulnerable to Session Fixation High
GHSA-r9vc-jfmh-6j48 was published for typo3/cms (Composer) May 30, 2024
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts High
GHSA-4r76-xr68-w7m7 was published for typo3/cms (Composer) May 30, 2024
TYPO3 possible cache poisoning on the homepage when anchors are used High
GHSA-p84g-j2gh-83g3 was published for typo3/cms (Composer) May 30, 2024
TYPO3 Arbitrary Shell Execution in Swiftmailer library High
GHSA-45xg-4w5x-j429 was published for typo3/cms (Composer) May 30, 2024
TYPO3 Possible Insecure Deserialization in Extbase Request Handling High
GHSA-5h5v-m596-r6rf was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API High
GHSA-x428-565f-8xj2 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Security Misconfiguration in Frontend Session Handling High
GHSA-82vp-jr39-4j2j was published for typo3/cms-core (Composer) May 30, 2024
ProTip! Advisories are also available from the GraphQL API